Hackers Underworld 2: Forbidden Knowledge

home *** CD-ROM | disk | FTP | other *** search

/ Hackers Underworld 2: Forbidden Knowledge / Hackers Underworld 2: Forbidden Knowledge.iso / HACKING / ISSM303.TXT < prev next >

Wrap

Text File | 1994-07-17 | 23KB | 457 lines

┌────── Information──────────────────────────────────────────────────┐ │ ░░░█ ░░░░░█ ░░░░░█ ░░█ ░░█ │ ├────── Systems ─────────── ░█ ── ░░░█ ── ░░░█ ─── ░░░░█ ── ░░░█ ────┤ │ ░█ ░░░░░█ ░░░░░█ ░░░░░░░░░░░░█ │ ├────── Security ────────── ░█ ───── ░░█ ─── ░░█ ─ ░░█ ─░░█ ─░░█ ────┤ │ ░░░█ ░░░░░█ ░░░░░█ ░░█ ░░█ │ └────── Monitor ─────────────────────────────────────────────────────┘ Dedicated to the pursuit of security awareness.............. =========================================================================== Volume 3 Number 3 July 1993 =========================================================================== IN THIS ISSUE WHO'S READING YOUR SCREEN What's New? Questions on Security Tokens Clyde's Computer Security Hall of Fame Virus Alert Dear Clyde Token Demo Jim's Corner Computer Speak Computer Security Slogan Awardees (Insert) The ISSM is a quarterly publication of the Department of Treasury, Bureau of the Public Debt, AIS Security Branch, 200 3rd Street, Parkersburg, WV 26101 (304) 480-6355 Editors: Ed Alesius Kim Clancy Mary Clark Jim Heikkinen Joe Kordella ******************************* * * * WHO'S READING YOUR SCREEN * * by Philip Elmer-Dewitt * * * ******************************* It's a situation that arises a million times a day in offices around the world. An employee has something personal to tell a co-worker---a confidence, a joke, a bit of gossip that might give offense if it were overheard. Rather than pick up the phone or wander down the hall, he or she simply types a message on a desktop computer terminal and sends it as electronic mail. The assumption is that anything sent by E-mail is as private---if not more so---than a phone call or a face-to-face meeting. That assumption, unfortunately, is wrong. Although it is illegal in some states for an employer to eavesdrop on private conversations or telephone calls---even if they take place on a company-owned phone==there are no clear rules governing electronic mail. In fact, the question of how private E-mail should be has emerged as one of the stickiest legal issues of the electronic age, one that seems to evoke very different responses depending on whose electronic mail system is being used and who is reading the E-mail. Does the White House, for example have the right to destroy electronic messages created in the course of running the government? That issue came to a head last week when a federal judge barred the BushAdministration from erasing computer tapes containing E-mail dating back to the Reagan era---including electronic memos that are relevant to Iran-contra and might implicate officials in the Iraqgate and Clinton passport scandals. The White House had issued guidelines that would have allowed staff members to delete that mountain of electronic evidence. Judge Charles Richey dismissed those instructions as "capricious" and "contrary to the law." He specifically rejected the argument that all substantive E-mail had been saved in computer printouts. The paper versions, Richey noted, omit who received the documents and when. "What government officials knew and when they knew it has been a key question in not only the Iran-contra investigation but also in the Watergate matter." Many historians and legal experts applauded the decision. Government officials, they argue, are civil servants conducting the public's business; the public has the right to review any documents they create--paper or electronic. But how would those citizens feel if it were their E-mail that was being preserved for posterity? Shoudn't private missives sent over a privately owned computer be sacrosanct? That's what Rhonda Hall and Bonita Bourke thought. Three years ago, they were hired by a California subsidiary of Nissan to set up and run the electronic mail networkthat links the car company's Infiniti dealers. A female supervisor heard that some of their E-mail was getting pretty steamy and began monitoring the messages. She soon discovered that the two had some disparaging things to say about her, and the women were threatened with dismissal. When Hall and Bourke filed a grievance complaining that their privacy had been violated, they were fired. One might think the two employees had a strong case for unlawful termination. But their case was dismissed. Nissan's lawyers argued successfully that since the company owned the computer system, its supervisors had a perfect right to read anything created on it. "I'm dismayed," says Noel Shipman, the attorney who is handling Hall and Bourkes's appeal. "To me, the simple bottom line is that gentlemen don't read each other's mail." But it's not that simple. The Electronic Communications Privacy Act of 1986 prohibits "outside" interception of E-mail by a third party--the government, the police or an individual--without proper authorization (such as a search warrant). It does not, however, cover "inside" interception-seeking a peek at the office gossip's E-mail, for example. In the past, courts have ruled that interoffice communications were considered private only if employees had a "reasonable expectation" of privacy when they sent it. The fact is no absolute privacy exists in a computer system, even for the boss. System administrators need to have access to everything in a computer in order to maintain it. Moreover, every piece of E-mail leaves an electronic trail. Though Oliver North tried to delete all his electronic notes in order to conceal the Iran-contra deal, copies of his secret memos ended up in the backup tapes made every night by the White House system operators. "The phrase 'reasonable expectation of privacy' is a joke, because nobody reasonably expects any privacy nowadays," says Michael Godwin, general counsel for the Electronic Frontier Foundation, a not-for-profit group devoted to protecting the civil liberties of people using electronic networks. Some computer users are taking matters into their own hands. If the law will not protect the privacy of their E-mail, they'll do it themselves--by scrambling their messages with encryption codes. Godwin's group is advocating that the government let private individuals use the most powerful encryption systems--systems that even the FBI can't crack. Unfortunately, such complex codes are likely to undermine the principal virtue of electronic mail: convenience. In the end, people bent on private communication--or government officials involved in criminal conspiracies--had best pick up the phone, or better yet, stroll down the hall and have a good old-fashioned face-to-face conversation. Copyright 1993 TIME, Inc. Reprinted by permission. **********************END OF ARTICLE********************* +++++++++++++++++++++++ + + + WHAT'S NEW? + + + +++++++++++++++++++++++ The AIS Security Branch's Electronic BBS number has changed. Bureau telephone changes at the Parkersburg location have been completed and the 420 prefix has been replaced with a 480. The new BBS number is (304) 480-6083. A new feature starts with this issue of the ISSM, titled "Jim's Corner". This article, written by Jim Heikkinen, will list Security Branch Training offerings; various computer security Videos; CBTs; and publications available to Bureau personnel through the AIS Security Branch. ****************END OF ARTICLE*************** %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% % % % QUESTIONS ON SECURITY TOKENS % % By Kim Reese % % % %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% In the last issue of the ISSM, an article was published describing security